Cookie Manager Tarteaucitron — Complete guide
Installation, service configuration, automatic scanner, Consent Mode v2 and GDPR log for the Cookie Manager Tarteaucitron module for PrestaShop 8 and 9.
Overview
Cookie Manager Tarteaucitron is a cookie consent management module for PrestaShop 8.0+ and 9.x. It combines the open-source tarteaucitron.js engine — which effectively blocks services before consent — with a modern Axeptio-style interface: animated floating card, per-category toggles and a reopening bubble. The module integrates Google Consent Mode v2, a tracker scanner with automatic activation, and a GDPR consent log.
Installation
- In your PrestaShop back office, go to Modules → Module Manager → Upload a module.
- Upload the
datafirefly_tarteaucitron.zipfile. - Click Install then Configure.
The module automatically creates the consent log table on installation. If you are upgrading from a 1.0.x version, the table is created on the first visit to the configuration page — no reinstall required.
After any module update, clear the PrestaShop cache: Advanced Parameters → Performance → Clear cache.
General configuration
The General tab holds the base settings:
- Enable module: master switch for the banner on the storefront.
- Cookie name: name of the consent cookie (default
tarteaucitron). Only change it if another tool conflicts. - Cookie lifetime: 365 days by default. European authorities recommend a maximum of 13 months (395 days).
- Reopening bubble: shows a small “Cookies” bubble after consent, allowing visitors to change their choices anytime — a GDPR requirement.
- Privacy policy link: URL of your CMS page, displayed under the banner buttons.
The Texts tab lets you customize the title, message and the three button labels. The Design tab controls the primary color and the background and button text colors.
Enabling services
The Services tab lists the 11 ready-to-use integrations. For each service, enable the switch and fill in the required identifier:
- Google Analytics 4: Measurement ID in G-XXXXXXXX format
- Google Tag Manager: Container ID in GTM-XXXXXX format
- Google Ads: Conversion ID
- Meta Pixel: numeric Pixel ID
- Hotjar: numeric Site ID
- LinkedIn Insight: Partner ID
- TikTok Pixel: Pixel ID
- Microsoft Clarity: Project ID
- Intercom: App ID
- YouTube: no identifier required — enables blocking of embedded videos before consent
- Stripe: no identifier required — see the dedicated section below
A service enabled without an identifier will not load on the storefront (except YouTube and Stripe which do not require one). Check your identifiers after using the scanner’s automatic activation.
Scanner and automatic detection
The Automatic detection tab configures the module for you:
- Click Scan the site now. The module reads the cookies present on your domain and fetches your storefront HTML to analyze third-party script tags.
- Two tables appear: detected cookies (with probable service and suggested category, editable) and identified third-party scripts (with their status in the module).
- The green bar shows the number of recognized services. Click Apply to module and save: the matching services are enabled and the configuration is saved immediately.
- Then go to the Services tab to fill in the identifiers of the newly enabled services.
The scanner recognizes among others: Google Analytics, Google Ads, Meta Pixel, Hotjar, LinkedIn, TikTok, Microsoft Clarity, Intercom, Brevo, Stripe, as well as PrestaShop functional cookies.
Browse your storefront first in the same browser, then run the scan: the cookies dropped by your trackers will be visible and detection will be more complete.
Google Consent Mode v2
Mandatory since March 2024 for European advertisers, Consent Mode v2 lets Google model conversions even when consent is refused. The module’s Consent Mode tab:
- emits the 7 required signals (ad_storage, ad_user_data, ad_personalization, analytics_storage, functionality_storage, personalization_storage, security_storage) as default before any tag;
- lets you configure each default state individually —
deniedis recommended for the EEA; - updates the signals automatically based on the visitor’s choices.
A distinctive feature: on every page load, the default state reads the existing consent cookie. A visitor who already accepted gets granted from the very first frame — no transient denied window cutting into your Google Ads conversions on reload.
Stripe and essential cookies
Stripe cookies (__stripe_mid, __stripe_sid) are strictly necessary for payment fraud prevention. They fall under the consent exemption for essential trackers: blocking them would break the checkout.
The module treats them accordingly: when the Stripe service is enabled, it loads without a consent request and appears in the preferences panel under the Essentials and payment category with the “Always active” badge. Full transparency for the visitor, zero blocked payments.
Custom services
The Custom services tab lets you add any third-party script missing from the list:
- Key: unique lowercase technical identifier (e.g.
mychat) - Name: label shown in the banner
- Category: analytic, ads, social, support, api or other
- JavaScript code: the service loading code, executed only after consent
- Cookies: comma-separated list of cookie names dropped by the service
- Policy URL: link to the service’s privacy policy
Custom services appear in the banner under a dedicated category with their own toggle.
GDPR consent log
Article 7 of the GDPR requires that you can demonstrate consent was given. The GDPR Log tab shows the latest 50 records with, for each action:
- the date and time;
- the anonymous visitor identifier (dedicated technical cookie, no personal data);
- the accepted categories;
- the detailed choices, service by service.
Key facts:
- The IP address is never stored in clear text: it is SHA-256 hashed with a server salt, in line with data protection authority recommendations.
- Server-side deduplication ignores identical records from the same visitor within 5 seconds (double-click).
- An automatic purge removes entries older than 3 years on each visit to the configuration page.
- The log is preserved if the module is uninstalled, keeping your audit trail intact.
Troubleshooting
- The banner does not show: check the module is enabled in the General tab, then clear the PrestaShop cache. Also check no other consent module is running in parallel.
- Choices are not remembered: make sure you run version 1.1.0 or higher, which writes the cookie in the native tarteaucitron format. Clear the browser cache and delete the old consent cookie before retesting.
- A service does not load after acceptance: check its identifier is filled in the Services tab. Open the browser console to spot any errors.
- The scan detects nothing: browse the storefront first in the same browser, then run the scan again. If the admin and the storefront are on different domains, only the script analysis works.
- No records in the log: visit the module configuration page (the table is created automatically if missing), then give a fresh consent from the storefront in private browsing.
Need help? Contact DataFirefly support from your customer area — response within 24 business hours.